<!DOCTYPE HTML>

<html lang="en">
<head>

<title>MessageDigestPasswordEncoder (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="MessageDigestPasswordEncoder (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":42,"i1":42,"i2":42,"i3":42};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"],32:["t6","Deprecated Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="MessageDigestPasswordEncoder.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.crypto.password</a></div>
<h2 title="Class MessageDigestPasswordEncoder" class="title">Class MessageDigestPasswordEncoder</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>org.springframework.security.crypto.password.MessageDigestPasswordEncoder</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="PasswordEncoder.html" title="interface in org.springframework.security.crypto.password">PasswordEncoder</a></code></dd>
</dl>
<hr>
<pre>@Deprecated
public class <span class="typeNameLabel">MessageDigestPasswordEncoder</span>
extends java.lang.Object
implements <a href="PasswordEncoder.html" title="interface in org.springframework.security.crypto.password">PasswordEncoder</a></pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use <a href="DelegatingPasswordEncoder.html" title="class in org.springframework.security.crypto.password"><code>DelegatingPasswordEncoder</code></a> which supports
password upgrades. There are no plans to remove this support. It is deprecated to
indicate that this is a legacy implementation and using it is considered insecure.</div>
</div>
<div class="block">This <a href="PasswordEncoder.html" title="interface in org.springframework.security.crypto.password"><code>PasswordEncoder</code></a> is provided for legacy purposes only and is not considered
secure.
Encodes passwords using the passed in <code>MessageDigest</code>.
The general format of the password is:
<pre> s = salt == null ? "" : "{" + salt + "}"
 s + digest(password + s)
 </pre>
Such that "salt" is the salt, digest is the digest method, and password is the actual
password. For example when using MD5, a password of "password", and a salt of
"thisissalt":
<pre> String s = salt == null ? "" : "{" + salt + "}";
 s + md5(password + s)
 "{thisissalt}" + md5(password + "{thisissalt}")
 "{thisissalt}2a4e7104c2780098f50ed5a84bb2323d"
 </pre>
If the salt does not exist, then omit "{salt}" like this:
<pre> digest(password)
 </pre>
If the salt is an empty String, then only use "{}" like this:
<pre> "{}" + digest(password + "{}")
 </pre>
The format is intended to work with the DigestPasswordEncoder that was found in the
Spring Security core module. However, the passwords will need to be migrated to include
any salt with the password since this API provides Salt internally vs making it the
responsibility of the user. To migrate passwords from the SaltSource use the following:
<pre> String salt = saltSource.getSalt(user);
 String s = salt == null ? null : "{" + salt + "}";
 String migratedPassword = s + user.getPassword();
 </pre></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.0</dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="MessageDigestPasswordEncoder.html#%3Cinit%3E(java.lang.String)">MessageDigestPasswordEncoder</a></span>&#8203;(java.lang.String&nbsp;algorithm)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">The digest algorithm to use Supports the named
<a href="https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA">
Message Digest Algorithms</a> in the Java environment.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t6" class="tableTab"><span><a href="javascript:show(32);">Deprecated Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>java.lang.String</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="MessageDigestPasswordEncoder.html#encode(java.lang.CharSequence)">encode</a></span>&#8203;(java.lang.CharSequence&nbsp;rawPassword)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">Encodes the rawPass using a MessageDigest.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="MessageDigestPasswordEncoder.html#matches(java.lang.CharSequence,java.lang.String)">matches</a></span>&#8203;(java.lang.CharSequence&nbsp;rawPassword,
java.lang.String&nbsp;encodedPassword)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">Takes a previously encoded password and compares it with a rawpassword after mixing
in the salt and encoding that value</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="MessageDigestPasswordEncoder.html#setEncodeHashAsBase64(boolean)">setEncodeHashAsBase64</a></span>&#8203;(boolean&nbsp;encodeHashAsBase64)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span></div>
&nbsp;</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="MessageDigestPasswordEncoder.html#setIterations(int)">setIterations</a></span>&#8203;(int&nbsp;iterations)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">Sets the number of iterations for which the calculated hash value should be
"stretched".</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.crypto.password.PasswordEncoder">

</a>
<h3>Methods inherited from interface&nbsp;org.springframework.security.crypto.password.<a href="PasswordEncoder.html" title="interface in org.springframework.security.crypto.password">PasswordEncoder</a></h3>
<code><a href="PasswordEncoder.html#upgradeEncoding(java.lang.String)">upgradeEncoding</a></code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;(java.lang.String)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>MessageDigestPasswordEncoder</h4>
<pre>public&nbsp;MessageDigestPasswordEncoder&#8203;(java.lang.String&nbsp;algorithm)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">The digest algorithm to use Supports the named
<a href="https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA">
Message Digest Algorithms</a> in the Java environment.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>algorithm</code> - </dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="setEncodeHashAsBase64(boolean)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>setEncodeHashAsBase64</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setEncodeHashAsBase64&#8203;(boolean&nbsp;encodeHashAsBase64)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span></div>
</li>
</ul>
<a id="encode(java.lang.CharSequence)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>encode</h4>
<pre class="methodSignature">public&nbsp;java.lang.String&nbsp;encode&#8203;(java.lang.CharSequence&nbsp;rawPassword)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged
with the password before encoding.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="PasswordEncoder.html#encode(java.lang.CharSequence)">encode</a></code>&nbsp;in interface&nbsp;<code><a href="PasswordEncoder.html" title="interface in org.springframework.security.crypto.password">PasswordEncoder</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>rawPassword</code> - The plain text password</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>Hex string of password digest (or base64 encoded string if
encodeHashAsBase64 is enabled.</dd>
</dl>
</li>
</ul>
<a id="matches(java.lang.CharSequence,java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>matches</h4>
<pre class="methodSignature">public&nbsp;boolean&nbsp;matches&#8203;(java.lang.CharSequence&nbsp;rawPassword,
                       java.lang.String&nbsp;encodedPassword)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">Takes a previously encoded password and compares it with a rawpassword after mixing
in the salt and encoding that value</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="PasswordEncoder.html#matches(java.lang.CharSequence,java.lang.String)">matches</a></code>&nbsp;in interface&nbsp;<code><a href="PasswordEncoder.html" title="interface in org.springframework.security.crypto.password">PasswordEncoder</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>rawPassword</code> - plain text password</dd>
<dd><code>encodedPassword</code> - previously encoded password</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true or false</dd>
</dl>
</li>
</ul>
<a id="setIterations(int)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>setIterations</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setIterations&#8203;(int&nbsp;iterations)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span></div>
<div class="block">Sets the number of iterations for which the calculated hash value should be
"stretched". If this is greater than one, the initial digest is calculated, the
digest function will be called repeatedly on the result for the additional number
of iterations.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>iterations</code> - the number of iterations which will be executed on the hashed
password/salt value. Defaults to 1.</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="MessageDigestPasswordEncoder.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="MessageDigestPasswordEncoder.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040e398ca5297cf","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
